From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9FC04846F for ; Mon, 17 Apr 2023 13:03:11 +0000 (UTC) Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out1.suse.de (Postfix) with ESMTP id 7880921A8B; Mon, 17 Apr 2023 13:03:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1681736584; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=aD2VNuD2E1tDKjg0hrOisWghT7bUVIMdKRz/uLa3+d4=; b=osO1sAppy9HpOE8IAnT8BPgb7cFZXJ/IdUV6Cg0nhW/vg+ygHgDHjHT3NAjle59eGQXS3J jMPtM9AEgs8w8mTn1xBV+qO9YP8PpRv1gg1tCMyjsV9TxGj1gqIHK3NCyYHX/QW+Brb726 BLjJoaz5CDyI1E5eo+ss3zO8Mp9iYCQ= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1681736584; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=aD2VNuD2E1tDKjg0hrOisWghT7bUVIMdKRz/uLa3+d4=; b=mSPyrBYx9X7pWndervlxexwCJ+qZhpxUVthbHGh2Dh7AIKo+Uwg0Ax/gg0FJuvIFExJHDV Mjherdhu7n5EkxDA== Received: from adalid.arch.suse.de (adalid.arch.suse.de [10.161.8.13]) by relay2.suse.de (Postfix) with ESMTP id 6835C2C165; Mon, 17 Apr 2023 13:03:04 +0000 (UTC) Received: by adalid.arch.suse.de (Postfix, from userid 16045) id 6493851C25BC; Mon, 17 Apr 2023 15:03:04 +0200 (CEST) 
From: Hannes Reinecke To: Sagi Grimberg Cc: Christoph Hellwig , Keith Busch , linux-nvme@lists.infradead.org, Chuck Lever , kernel-tls-handshake@lists.linux.dev, Hannes Reinecke Subject: [PATCH 17/18] nvmet-tcp: control messages for recvmsg() Date: Mon, 17 Apr 2023 15:03:01 +0200 Message-Id: <20230417130302.86274-18-hare@suse.de> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20230417130302.86274-1-hare@suse.de> References: <20230417130302.86274-1-hare@suse.de> Precedence: bulk X-Mailing-List: kernel-tls-handshake@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit kTLS requires control messages for recvmsg() to relay any out-of-band TLS messages (eg TLS alerts) to the caller. Signed-off-by: Hannes Reinecke --- drivers/nvme/target/tcp.c | 51 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 49 insertions(+), 2 deletions(-) diff --git a/drivers/nvme/target/tcp.c b/drivers/nvme/target/tcp.c index ea853658430f..2974abd30b45 100644 --- a/drivers/nvme/target/tcp.c +++ b/drivers/nvme/target/tcp.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #include #include @@ -117,6 +118,7 @@ struct nvmet_tcp_cmd { u32 pdu_len; u32 pdu_recv; int sg_idx; + char recv_cbuf[CMSG_LEN(sizeof(char))]; struct msghdr recv_msg; struct bio_vec *iov; u32 flags; 
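Review bot: `recv_cbuf` is a plain `char` array and so only byte-aligned, yet nvmet_tcp_tls_record_ok() later casts it to `struct cmsghdr *` and reads `cmsg_level` and `cmsg_type` through that pointer. Whether the member lands on a suitable boundary depends on the fields before it, so I would make the alignment explicit, e.g. `char recv_cbuf[CMSG_LEN(sizeof(char))] __aligned(__alignof__(struct cmsghdr));`. The on-stack `cbuf` arrays in nvmet_tcp_try_recv_pdu() and nvmet_tcp_try_recv_ddgst() have the same issue. A one-line comment such as `/* control buffer for the TLS record type of the last receive */` would also explain the sizing, which holds exactly one one-byte control message.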
@@ -1103,12 +1105,39 @@ static inline bool nvmet_tcp_pdu_valid(u8 type) return false; } +static bool nvmet_tcp_tls_record_ok(struct msghdr *msg, char *cbuf) +{ + struct cmsghdr *cmsg = (struct cmsghdr *)cbuf; + unsigned char ctype; + + if (!IS_ENABLED(CONFIG_NVME_TARGET_TCP_TLS)) + return 0; + + if (CMSG_OK(msg, cmsg) && + cmsg->cmsg_level == SOL_TLS && + cmsg->cmsg_type == TLS_GET_RECORD_TYPE) { + ctype = *((unsigned char *)CMSG_DATA(cmsg)); + if (ctype != TLS_RECORD_TYPE_DATA) { + pr_err("unhandled TLS record %d\n", ctype); + return false; + } + } + return true; +} + static int nvmet_tcp_try_recv_pdu(struct nvmet_tcp_queue *queue) { struct nvme_tcp_hdr *hdr = &queue->pdu.cmd.hdr; int len; struct kvec iov; - struct msghdr msg = { .msg_flags = MSG_DONTWAIT }; + char cbuf[CMSG_LEN(sizeof(char))] = {}; + struct msghdr msg = { +#ifdef CONFIG_NVME_TARGET_TCP_TLS + .msg_control = cbuf, + .msg_controllen = sizeof(cbuf), +#endif + .msg_flags = MSG_DONTWAIT + }; recv: iov.iov_base = (void *)&queue->pdu + queue->offset; @@ -1117,6 +1146,8 @@ static int nvmet_tcp_try_recv_pdu(struct nvmet_tcp_queue *queue) iov.iov_len, msg.msg_flags); if (unlikely(len < 0)) return len; + if (!nvmet_tcp_tls_record_ok(&msg, cbuf)) + return -ENOTCONN; queue->offset += len; queue->left -= len; @@ -1176,6 +1207,9 @@ static int nvmet_tcp_try_recv_data(struct nvmet_tcp_queue *queue) cmd->recv_msg.msg_flags); if (ret <= 0) return ret; + if (!nvmet_tcp_tls_record_ok(&cmd->recv_msg, + cmd->recv_cbuf)) + return -ENOTCONN; cmd->pdu_recv += ret; cmd->rbytes_done += ret; 
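Review bot: `nvmet_tcp_tls_record_ok()` is declared `bool` but returns `0` when `CONFIG_NVME_TARGET_TCP_TLS` is not enabled, and every caller in this patch turns a false result into `-ENOTCONN`, so as written a build without TLS would fail every receive. The early exit should be `return true;`. The helper also returns true when `CMSG_OK()` fails or the level/type do not match, so on a TLS connection a missing or truncated control message is treated as ordinary data. If that is intended it needs a comment; otherwise this path should fail closed. Because the `pr_err()` is driven by records the peer sends, `pr_err_ratelimited()` would be the safer call. nvmet_tcp_try_recv_pdu() continues past the end of this hunk.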
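Review bot: The control buffer checked here is armed only once, in the initialiser of `msg` above the `recv:` label, so a second pass through `recv:` (the jump back is presumably outside this hunk) reuses whatever `msg_control`, `msg_controllen` and `cbuf` contents the previous receive left behind. My understanding is that the receive path advances `msg_control` and shrinks `msg_controllen` when it stores the record type, though that code is not on this page. If so, later records would be checked against a stale type byte. Re-arming directly after the label avoids this: `msg.msg_control = cbuf; msg.msg_controllen = sizeof(cbuf);`. The same concern applies to `cmd->recv_msg` in the nvmet_tcp_try_recv_data() hunk that follows, whose control fields are set once in nvmet_tcp_alloc_cmd() and then used for every receive on that command.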
@@ -1197,7 +1231,14 @@ static int nvmet_tcp_try_recv_ddgst(struct nvmet_tcp_queue *queue) { struct nvmet_tcp_cmd *cmd = queue->cmd; int ret; - struct msghdr msg = { .msg_flags = MSG_DONTWAIT }; + char cbuf[CMSG_LEN(sizeof(char))] = {}; + struct msghdr msg = { +#ifdef CONFIG_NVME_TARGET_TCP_TLS + .msg_control = cbuf, + .msg_controllen = sizeof(cbuf), +#endif + .msg_flags = MSG_DONTWAIT + }; struct kvec iov = { .iov_base = (void *)&cmd->recv_ddgst + queue->offset, .iov_len = queue->left @@ -1207,6 +1248,8 @@ static int nvmet_tcp_try_recv_ddgst(struct nvmet_tcp_queue *queue) iov.iov_len, msg.msg_flags); if (unlikely(ret < 0)) return ret; + if (!nvmet_tcp_tls_record_ok(&msg, cbuf)) + return -ENOTCONN; queue->offset += ret; queue->left -= ret; @@ -1376,6 +1419,10 @@ static int nvmet_tcp_alloc_cmd(struct nvmet_tcp_queue *queue, if (!c->r2t_pdu) goto out_free_data; + if (IS_ENABLED(CONFIG_NVME_TARGET_TCP_TLS)) { + c->recv_msg.msg_control = c->recv_cbuf; + c->recv_msg.msg_controllen = sizeof(c->recv_cbuf); + } c->recv_msg.msg_flags = MSG_DONTWAIT | MSG_NOSIGNAL; list_add_tail(&c->entry, &queue->free_list); -- 2.35.3
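Review bot: The `#ifdef CONFIG_NVME_TARGET_TCP_TLS` inside the `msg` initialiser in nvmet_tcp_try_recv_ddgst() is a second copy of the block already added to nvmet_tcp_try_recv_pdu(), while nvmet_tcp_alloc_cmd() in the same patch makes the same decision with `IS_ENABLED()`. I would use one form throughout: initialise with `struct msghdr msg = { .msg_flags = MSG_DONTWAIT };` and set `msg.msg_control = cbuf; msg.msg_controllen = sizeof(cbuf);` under `if (IS_ENABLED(CONFIG_NVME_TARGET_TCP_TLS))`, ideally in a small shared helper. That keeps the three receive paths from drifting apart and gives a single place to re-arm the buffer before each receive. The function body continues outside this hunk.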